Closed pikurasa closed 8 years ago
I emailed my latest draft to sourcecode@omb.eop.gov last night but have yet to see it published here, so I will copy and paste below. Thank you!
To: sourcecode@omb.eop.gov Subject: Suggested Edits to the Source Code Policy Date: Mon, 18 Apr 2016 21:27:53 -0400 ---[email start]---
To Whomever it may Concern,
Below (and attached) are my suggested changes to the source code policy.
I am a music teacher and not skilled at coding, but I understand the implications of licensing for everyday users. As an educator, I understand the implications of licensing for education. As a U.S. citizen, I understand the need for civil liberties, equality, and social justice. That is why I stand by the recommendations made by the Free Software Foundation (https://www.fsf.org/blogs/community/u-s-federal-source-code-policy-fsf-supports-and-urges-improvements-comment-by-april-18).
The draft below is my attempt to adapt the language your agency provided to better fit the FSF's recommendations (before the deadline for submissions), and thereby better align the language of the document with the founding principles of the United States of America. It is not yet perfect, but a better start toward a policy that puts American citizens' rights and freedoms first.
Thank You, Devin Ulibarri
layout: page
title: Federal Source Code Policy
permalink: /
description: "Introduction for Public Comment"
The White House committed to adopting a Government-wide Free Software policy in its Second Open Government National Action Plan that "will support improved access to custom software code developed for the Federal Government," emphasizing that using and contributing back to free software can fuel innovation, lower costs, and benefit the public.1 In support of that commitment, today the White House Office of Management and Budget (OMB) is releasing a draft policy to improve the way custom-developed Government code is acquired and distributed moving forward. This policy is consistent with the Federal Government’s long-standing policy of ensuring that "Federal investments in IT (information technology) are merit-based, improve the performance of our Government, and create value for the American people."2
This policy requires that, among other things: (1) new custom code whose development is paid for by the Federal Government be made available for reuse across Federal agencies; and (2) a portion of that new custom code be released to the public as Free Software (FLOSS).
We welcome your input on this innovative draft policy. We are especially interested in your comments on considerations regarding the release of custom code as FLOSS. The draft policy proposes a pilot program requiring covered agencies to release at least 20 percent of their newly-developed custom code, in addition to the release of all custom code developed by Federal employees at covered agencies as part of their official duties, subject to certain exceptions as noted in the main body of the policy.3
Considerations regarding releasing custom code as Free Software include:
Thank you for taking the time to participate in the development of this Federal policy. We look forward to receiving your comments and working together to solidify our commitment to efficiency and openness in Government.
The proposed guidance is now open for public comment on this page. The public comment period will last 30 days, closing on April 11, 2016. Following the public comment period, feedback received will be analyzed to help inform the development of any final policy.
You may provide feedback in one of three ways. We ask that you do not submit the same comment more than once.
layout: page
title: Federal Source Code Policy | Introduction
permalink: /introduction/
The U.S. Government is committed to improving the way Federal agencies buy, build, and deliver information technology (IT) and software solutions to better support cost efficiency, mission effectiveness, and the consumer experience with core Government programs. Each year, the Federal Government spends more than $9 billion on software through more than 50,000 transactions.1 A large portion of Government software—including proprietary, free software (https://www.gnu.org/philosophy/free-sw.html.en), and mixed source options—is commercially-available "off the shelf" (COTS) software2 that is developed and owned by either proprietary software vendors or a free software provider, requiring no additional custom code to be written for its use in the Federal Government.3
However, when Federal agencies are unable to identify an existing Federal or COTS software solution that satisfies their specific needs, an agency may choose to develop a custom software solution on its own or pay for its development. When agencies procure custom-developed code, they are not always in a position to make their new code broadly available for Federal Government-wide reuse.4
In some cases, agencies may have difficulty establishing under the terms of the contract that the software was produced in the performance of a Federal Government agreement. Furthermore, even when agencies are in a position to make their code available on a Government-wide basis, they do not routinely make their source code discoverable and usable to other agencies in a consistent manner. These shortcomings can result in duplicative acquisitions for the same code and inefficient spending of taxpayer dollars. This policy seeks to address these challenges by laying out steps to help ensure that new custom-developed Federal source code be made broadly available for reuse across the Federal Government.5 This is consistent with the Digital Government Strategy's "Shared Platform" approach, which enables Federal employees to work together—both within and across agencies—to reduce costs, streamline development, apply uniform standards, and ensure consistency in creating and delivering information.6 Enhanced reuse of custom-developed code across the Federal Government can have significant benefits for American taxpayers, such as reducing Federal vendor lock-in,7 decreasing duplicative costs for the same code, increasing transparency across the Federal Government, and minimizing the challenges associated with integrating large blocks of code from multiple sources.
While the benefits of enhanced Federal code reuse are significant, additional benefits can accrue when code is also made available to the public as Free Software (FLOSS). Making code available with a FLOSS license can enable continual improvement of Federal code projects when a broader community of users implements the code for its own purposes and publishes bugs and improvements. A number of private sector companies have already shifted some of their software development projects to a free software model,8 in which the source code of the software is made broadly available to the public for inspection, improvement, and reuse. In fact, several Federal agencies and component organizations also have already begun publishing custom-developed code under free software licenses or in the public domain, as discussed further below. Moreover, the Administration made a commitment, as part of its Second Open Government National Action Plan,9 to develop an Open Source Software policy that, together with the U.S. Digital Services Playbook,10 will support improved access to custom code developed for the Federal Government. This policy fulfills that commitment in an effort to improve U.S. Government software development and make the Government more open, transparent, and accessible to the public. Just as the Administration's Open Data Policy11 contributed to the creation of valuable and successful private businesses and services based upon open data released by the Government,12 improving access to taxpayer-funded source code can help facilitate similar results predicated on FLOSS.
layout: page
title: Federal Source Code Policy | Objectives
permalink: /Objectives/
This policy will accomplish the following objectives:
layout: page
title: Federal Source Code Policy | Scope and Applicability
permalink: /Scope/
The requirements outlined in this policy apply to all covered agency agreements that (1) relate to Federally-procured software solutions; and (2) include requirements for, or may result in, custom-developed source code. Source code developed for National Security Systems, as defined in 44 U.S.C. §3542, is exempt from the requirements of this policy. For National Security Systems, agencies shall follow applicable statutes, Executive Orders, directives, and internal agency policies.
This policy does not require that existing custom-developed source code created by third party developers or vendors for the Federal Government be retroactively made available for Government-wide reuse or as FLOSS; however, making such code available for Government-wide reuse or as FLOSS, to the extent permissible under existing contracts or other agreements, is strongly encouraged. This policy also does not apply to software code whose development was not paid for by the Federal Government, even if later procured by the Federal Government (e.g., "Microsoft Word", which is proprietary software and whose copyright is held with a 3rd party company).
Furthermore, this policy applies to all custom code created by covered agency employees in the course of their official duties, subject to certain exceptions noted below. For such code, it is encouraged that covered agencies apply the requirements of this policy retroactively to the extent practicable.
The covered agencies' Chief Information Officers (CIO), Chief Acquisition Officers (CAO) and other key stakeholders shall immediately begin working together to implement this guidance.
layout: page
title: Federal Source Code Policy | Software Procurement Considerations
permalink: /Procurement/
The U.S. government would like to adopt a policy that considers software freedom for its agencies and for its citizens. Software freedom will benefit the U.S. government in many ways, but it will also benefit U.S. citizens when made publicly available and therefore the government will strive to move from proprietary solutions to entirely free software solutions all while maintaining a public distribution of the developed software.
In meeting their software needs, covered agencies should give preference to existing Federal software solutions (e.g., Federal shared services or existing reusable source code) or purchasable off-the-shelf software solutions (e.g., COTS) that can efficiently and effectively meet their operational and mission needs. When a covered agency determines that these alternatives do not meet its needs, the agency may need to procure custom-developed source code built from scratch or built on top of a proprietary solution.
Consistent with OMB policy, in the course of deciding whether a custom solution is necessary, covered agencies must conduct the following three-step analysis (as illustrated in Appendix B). This analysis is intended to mitigate unnecessary spending on custom-developed software solutions by ensuring that existing Federal and commercial solutions, including existing proprietary and/or free software solutions and reusable code, are considered as potential alternatives. In any of the following steps, covered agencies may consider hybrid solutions (i.e., those containing a mixture of existing, COTS, and/or custom solutions) if a preexisting Federal software solution or COTS solution does not—on its own—fully meet the covered agency's operational and mission needs.15 Furthermore, consistent with OMB policy, covered agencies must evaluate safe and secure cloud computing options throughout every step of the software procurement analysis.16 These steps are consistent with the long-standing OMB policy commonly known as "Raines' Rules."17
layout: page
title: Federal Source Code Policy | Government-wide Code Reuse
permalink: /Reuse/
Under U.S. copyright law, all software created by Federal Government employees as a “government work” is in the public domain and, accordingly, is not subject to copyright protection in the United States.20 However, software created on behalf of the Government by third parties, such as private sector vendors, is subject to copyright protection. Currently, the majority of software solutions used in the Federal Government are developed by third parties and therefore their copyright is held with the respective vendors--the vast majority of whom choose a restrictive, proprietary license.
As discussed earlier, the reuse of custom-developed source code purchased by the Federal Government has numerous benefits for American taxpayers. To take advantage of these benefits, all covered agencies and component organizations that procure custom-developed software solutions for the Federal Government must, at a minimum, comply with the following requirements:
Covered agencies that enter into agreements for the development of software should require unlimited data rights in accordance with this policy. Additional guidance, including sample language for agreements, shall be provided as a part of Project Open Source.21
Securing Federal Government-wide reuse rights for custom code is a critical first step in gaining efficiencies in Federal software purchasing; however, without broad and consistent dissemination of the code across the Federal Government, these efficiencies cannot be fully realized. Therefore, in addition to securing the rights discussed above, covered agencies must make custom-developed code available to all other Federal agencies.22 The "Implementation" section of this policy provides additional guidance on this requirement.
Note that although Government-wide reuse of custom-developed code shares some of the same benefits as FLOSS, it does not meet the definition of FLOSS23 and should therefore not be mislabeled as such.
layout: page
title: "Federal Source Code Policy | Federally Funded Custom Code as Free Software"
permalink: /FLOSS/
As previously mentioned, a number of private sector companies have shifted some of their software use and development to a free software model.24 Similarly, when properly implemented and documented, releasing code as free software can benefit Federal agencies by allowing professional communities of practice to develop around software libraries and Application Programming Interfaces (APIs). This collaborative atmosphere makes it easier to conduct software peer review and security testing, to reuse existing solutions, and to share technical knowledge.25 In fact, the Federal Government and partner organizations have recently begun using more FLOSS and publishing some of their custom software code under free software licenses or in the public domain. Some examples include:
As outlined in the OMB Open Government Directive,32 the three principles of transparency, participation, and collaboration form the cornerstone of an open government. Federally released FLOSS embodies these principles. Leveraging the skills and knowledge of individuals across the Federal Government and beyond can result in, among other things, enhancements to code quality and security as a result of public scrutiny of free software code.33 Federal FLOSS can also contribute to economic growth and innovation as state and local governments, private sector companies, taxpayers, and others can reuse that code to develop products and services for the public.34
In furtherance of the objectives outlined in the Open Government Directive, this policy requires that covered agencies participate in the following pilot program to encourage the development and publication of custom-developed Government code as FLOSS.
Each covered agency shall release 100 percent of its newly-developed custom code each year as FLOSS. Custom code is defined as code for all custom software projects, modules, and add-ons that are self-contained.35 When deciding which custom code projects to release, each covered agency should prioritize the release of custom code that it considers potentially useful to the broader community.36
Within 120 days of the publication of this policy, OMB shall develop metrics to assess the impact of the pilot program. No later than two years after the publication date of this policy, OMB shall consider whether to issue a subsequent policy to continue, modify, eliminate, or expand the pilot program. Unless extended by OMB through the issuance of further guidance, the pilot program will expire three years (36 months) after the publication date of this policy. Please refer to the "Implementation" section of this policy for additional guidance on how to comply with the requirements of the pilot program.
Communities are critically important to the long term viability of free software projects. Consistent with the Digital Government Strategy's principles to participate in free software communities and leverage public crowdsourcing, covered agencies should develop and release code in a manner that (1) fosters communities around shared challenges; (2) optimizes the ability of the community to provide feedback on, and make contributions to, the code; and (3) encourages Federal employees and contractors to contribute back to the broader FLOSS community by making contributions to existing free software projects. In furtherance of this strategy, covered agencies must comply with the following principles:
Source Code has an amazing amount of valuable information that can be leveraged as a learning/teaching tool. Free Software allows software to be studied and therefore the public benefits from the freedom of being able to study, modify, and redistribute the source code by learning more about the way the world works. https://www.gnu.org/education/edu-schools.en.html
layout: page
title: Federal Source Code Policy | Implementation
permalink: /Implementation/
The Federal Information Technology Acquisitions Reform Act (FITARA)39 creates clear responsibilities for agency CIOs related to IT investments and planning as well as requiring that agency CIOs be involved in the IT acquisition process. OMB’s FITARA implementation guidance—M-15-14: Management and Oversight of Federal Information Technology40—established a "common baseline" for roles, responsibilities, and authorities of the agency CIO and the roles of other applicable Senior Agency Officials41 in managing IT as a strategic resource. Accordingly, the heads of covered agencies must ensure that CIOs are positioned with the responsibility and authority necessary to implement the requirements of this policy in coordination with other Senior Agency Officials. As appropriate, the CIO should also work with the agency's public affairs staff, open government staff, web manager or digital strategist, program owners and other leadership, to properly identify, publish, and work with communities concerning their free software projects.
Project Open Source
Within 90 days of the publication date of this policy, the Administration will launch Project Open Source,42 an online repository of tools, best practices, and schemas to help covered agencies implement this guidance. Project Open Source will be accessible at https://project-open-source.cio.gov. Project Open Source will evolve over time as a community resource to facilitate the adoption of good custom source code development and release practices. Guidance and language on free software licenses will be provided as part of Project Open Source. The repository will include further definitions, evaluation metrics, checklists, case studies, model contract language and more, and will enable collaboration across the Federal Government in partnership with the public.
Code Repositories
Accessible repositories for the storage, discussion, and modification of custom code are a critical portion of both the Government-wide reuse and FLOSS pilot program portions of this policy. Covered agencies should utilize existing code repositories and common third-party repository platforms as necessary to comply with this policy.43 Project Open Source will contain additional guidance on using custom code repositories as related to achieving the objectives of this policy.
Code Inventories and Discovery
Code inventories are a means of discovering information such as the functionality and location of potentially reusable or releasable custom code repositories. Within 90 days of the publication date of this policy, each covered agency must update, and thereafter keep up to date, its inventory of agency information resources (as required by OMB Circular A-130)44 to include an enterprise code inventory that lists all custom code developed for or by the agency after the publication date of this policy. The enterprise code inventory is not intended to house the custom code itself; rather, it is intended to serve as a tool for discovering custom code that may be available for Government-wide reuse or as FLOSS, and to provide transparency into custom software code that is developed using Federal funds. The inventory will indicate whether the code is available for Federal reuse, is available publicly as FLOSS, or cannot be made available due to a specific exception from this policy.
Covered agencies must describe projects within the inventory using extensible metadata that will be described in an inventory schema on Project Open Source. OMB will provide this inventory schema to covered agencies within 60 days of the publication date of this policy. Within 120 days of the publication of this policy, OMB will identify a suitable central location to make the reported FLOSS searchable and discoverable for agencies and the public. Please refer to Project Open Source for best practices, tools, and schema to implement the enterprise code inventory and harvestable files.
Updated TechFAR Guidance
OMB’s Office of Federal Procurement Policy (OFPP) and the U.S. Digital Service (USDS) will update the TechFAR Handbook45 to highlight how agencies can go about securing Federal reuse rights and free software licenses as part of their acquisitions processes.
Agency Policy
Within 90 days of the publication date of this policy, each covered agency CIO must develop an agency-wide policy that addresses the requirements of this memo. In accordance with OMB guidance,46 these policies will be posted publicly. Moreover, within 90 days of the publication date of this policy, each covered agency’s CIO office must work to correct or amend any policies that are inconsistent with the requirements of this memo, including the correction of policies that automatically treat FLOSS as noncommercial software.
Accountability Mechanisms
Progress on agency implementation of the actions required in this policy will be primarily assessed by OMB through analysis of each covered agency’s internal Government repositories, public FLOSS repositories, and code inventories, as well as data obtained through the quarterly Integrated Data Collection (IDC), quarterly PortfolioStat sessions, the IT Dashboard, and additional mechanisms to be provided via Project Open Source.47
Exceptions to Government-wide Reuse or to Publication
The exceptions provided below may be applied, in specific instances, to exempt a covered agency from (1) sharing custom code with other Government agencies, or (2) publicly releasing custom code that is developed by covered agency employees. Any exceptions used must be approved and documented by the agency’s CIO. Please note that the exceptions below do not exempt a covered agency from acquiring unlimited data rights in newly procured custom code. Moreover, these exceptions do not apply in calculating a covered agency’s codebase for purposes of the FLOSS pilot program; but covered agencies should, as part of their internal 20 percent of custom code selection process, refrain from selecting code that would fit any of the characteristics listed below. In the event that a covered agency’s CIO believes that the agency cannot meet the 20 percent requirement of the FLOSS pilot program because the agency is otherwise prohibited from releasing more than 80 percent of its code, the CIO should consult with OMB.
Applicable exceptions are as follows:
OMB expects exceptions to be rare and the result of a significant Government interest. Excepted software must still be listed in the agency’s enterprise code inventory, with certain redactions allowed. Please refer to Project Open Source for additional guidance on this topic. This memorandum is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
layout: page
title: Federal Source Code Policy | Appendix A - Definitions
permalink: /Appendixa/
Code Contributions: Source code or other materials written by external parties and submitted to the developers/maintainers of a software project. Some common examples of code contributions are bug fixes, new or improved features, and documentation improvements.
Covered Agency: For purposes of this policy, a covered agency is one that meets the definition of agency under the Federal Information Security Management Act of 2002 (FISMA). See 44 U.S.C. §3502.
Custom Code: Software source code that is written to fulfill a specific purpose that is not already addressed by existing programs or COTS solutions. For the purposes of this policy, custom code development must be fully funded by the Federal Government and is either developed by a contracting entity for use by the Federal Government, or developed by covered agency employees in the course of their official duties.
Derivative Works: For the purposes of this policy, a "derivative work" is a work based upon one or more preexisting works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which a work may be recast, transformed, or adapted. A work consisting of editorial revisions, annotations, elaborations, or other modifications which, as a whole, represent an original work of authorship, is a “derivative work”.48
Mixed Source: A mixed source software solution may incorporate public domain, free software, and/or proprietary code. Developers and users of mixed source software solutions must take component-level intellectual property rights into consideration whenever modifying, reusing, or distributing source code.
Public Development: "Public development" means to publish the source code at a publicly accessible website, so that project(s) under active development can be audited by U.S. citizens and contributions can be made before final release of the software. In the framework of computer software design, it is a process by which developers ensure the highest possible levels of transparency, legibility, testability, and modularity in their code from the start. This process is designed to engage and empower a community in the development of that code in an incremental and agile manner. Open development provides a larger base for quality assurance and product support in the initial phases of a project, in addition to making code easier to read, understand, repurpose, and incorporate for other programmers who may not be able to contact the original coder for support.
Open Source Software: Sometimes something similar to "Free Software" (see definition below) is referred to as "Open Source Software" (OSS). However, OSS connotes an entirely different ideal, which does not align with the values of the United States of America. The definition is also more vague than the official "Free Software" definition (see below)49. Because of the lack of clarity of the goals of OSS, it is sometimes more restricted than Free Software in that a central authority (corporate owner) sometimes maintains a method of restricting its users and therefore impinging on their freedoms by retaining some exclusive rights to the software and its associated source code, and may distribute the software under more restrictive proprietary terms. These licenses specify how a particular work may be reproduced, modified, or used as a component of a larger system or as a standalone piece of software.50
Free Software (also known as Free/Libre Open Source Software or FLOSS): Software that gives its users the rights to 1) use for any purpose, 2) study the source code, 3) share without restriction, 4) modify, and redistribute the modified changes. FLOSS is distributed under licenses that comply with the definition of "Free Software" provided by the Free Software Foundation (https://www.gnu.org/philosophy/free-sw.html).51 The term "Free Software" puts emphasis on civil liberties ("freedom"), the rights of its users, and social justice. These are all ideals that the citizens of the United States of America fight to uphold and therefore the chosen recommended terminology for U.S. national policy decisions.
Proprietary Software: Software with intellectual property rights that are retained exclusively by an individual or a company. Although FLOSS intellectual property rights can also be retained by an individual or a company (through the use of a proper FLOSS license), the term "proprietary software" refers to software that restricts the user of the software in one of the four fundamental freedoms defined by Free Software. For example, proprietary software is typically called "closed-source", in that its source code is not made broadly available to users or the general public without restrictions defined by the owner.
Free Software Directory: An online catalog of existing Free Software (https://directory.fsf.org/).
Public Domain: The set of works for which copyrights and related rights have expired, been relinquished, or do not apply, making the work freely available to the public for any purpose. Under U.S. copyright law, works created by Government employees within the scope of their employment are not subject to domestic copyright protections under 17 U.S.C. §105. Note that this definition is unrelated to the term "public domain" as it is used in export control regulations.
Software: Can refer to either: (i) Computer programs that comprise a series of instructions, rules, routines, or statements, regardless of the media in which recorded, that allow or cause a computer to perform a specific operation or series of operations; or (ii) Recorded information comprising source code listings, design details, algorithms, processes, flow charts, formulas, and related material that would enable the computer program to be produced, created, or compiled. Software does not include computer databases or computer software documentation.52
Source Code: Information written in a computer programming language that is readable by people. Source code must be interpreted or compiled before a computer can execute the code as a program. Source code readability can benefit from the inclusion of comments or other in-code documentation that indicates the requirements and functionality of specific algorithms and other components.
layout: page
title: "Federal Source Code Policy | Appendix B"
permalink: /Appendixb/
---[email end]---
@freephile addresses some issues in pull request https://github.com/WhiteHouse/source-code-policy/pull/78
...however, the more I read it I realize that there is a fundamental flaw. The flaw is that it does not target the real issue--social justice.
I am trying to create a patch, but this is the sum of the issue:
I will do my best to work with what I have been given here to create an adequate solution to this issue. Thank you!